leonardoliveira & Idc's clean decrypted roms

leonardoliveira
Please Continue...
Posts: 692
Joined: August 30th, 2012, 5:53 am
Location: Brazil
Initials: leo

leonardoliveira & Idc's clean decrypted roms

Post by leonardoliveira »

idc asked me to try making this game work at something around 1PM my local time... After pouring 12 hours of work in it, I had this:
Image

And this:
Image
100% clean. No fancy menus, no clutter, no dumb/odd A.I. Plays exactly like the original, which has a suicide battery.

If someone is worried about counterfeits being made out of this, it's up to the buyers to look for MASK ROMS, battery, CAPCOM security seals and pins.

The goal is to give people freedom from the tyranny of the suicide battery.





(Posts on this thread being edited to fix picture links)
Last edited by leonardoliveira on August 11th, 2013, 1:50 am, edited 1 time in total.
KmanSweden
KmanSweden
Posts: 1242
Joined: October 13th, 2010, 10:37 am
Location: Stockholm, Sweden
eBay: KmanSweden
Initials: PKK

Re: CPS2 Development PCB - SFZ

Post by KmanSweden »

Street Fighter Alfa 3? :wtf: :lol: Street Fighter just got a lot better. :D
Up the Irons!
idc
Ralf Little impersonator
Posts: 1311
Joined: October 16th, 2008, 9:17 pm
Location: Tamworth, Staffordshire
eBay: iancourt
Initials: IAN

Re: CPS2 Development PCB - SFZ

Post by idc »

KmanSweden wrote:let's call it a remake of Razoolas hack..
I tell you what, let's not. ;)
leonardoliveira wrote:idc asked me to try making this game work at something around 1PM my local time... After pouring 12 hours of work in it, I had this:
And so the "other guy" reveals himself. Thank you, Leo. :awe:
leonardoliveira
Please Continue...
Posts: 692
Joined: August 30th, 2012, 5:53 am
Location: Brazil
Initials: leo

Re: CPS2 Development PCB - SFZ

Post by leonardoliveira »

Who does one, does two, no?
Image

Image

I didn't fix the memory test for this one yet.

Also, sorry about the thread hijacking ... lol

Edit: Got this one decrypted and running on the record time of five hours.
Last edited by leonardoliveira on August 11th, 2013, 1:51 am, edited 1 time in total.
leonardoliveira
Please Continue...
Posts: 692
Joined: August 30th, 2012, 5:53 am
Location: Brazil
Initials: leo

Re: CPS2 Development PCB - SFZ

Post by leonardoliveira »

Let me hijack this thread a little more ... lol
Image
Image
Image
leonardoliveira
Please Continue...
Posts: 692
Joined: August 30th, 2012, 5:53 am
Location: Brazil
Initials: leo

Re: CPS2 Development PCB - SFZ

Post by leonardoliveira »

Tetsuosan wrote:I know with my superx phoenix board it has a ton of odd glitches that happen that don't happen with my other super x board ie; odd slowdowns happening at strange times, hit boxes showing up and/or not showing up, etc.
That has to do with wrong data at the decryption. It's not magic. It's a very complex and detailed job.
I had exceptional results once I poured more "love" on it.

The encryption protects on the presumption that you can only have all decrypted code with mangled data or all encrypted code with correct data. You cannot "guess" what is code and what is data. You have to analyze it. So what I do is manually analyze ALL the game code on a disassembler and determine what is code/data then manually transplant what is data from the encrypted rom into the decrypted one.

Even so, after eight hours of work on the QUIZ game I had it working but there was a crash on the attract mode. Which I solved the next day by watching what the program reads from the ROM. There was a sneaky non-encrypted word (yes, two bytes) in the middle of an encrypted code area which pointed into another pointer which then finally pointed to an encrypted jumptable. Nasty stuff... ;)

Also I had some oddball graphical glitches (Sprites disappearing) on the character animations, which went away once I removed what I called "silly NOPs" from the data areas. Silly NOPs are due to CAPCOM compiler/linker (these games are made in C) usually put NOPs to separate data fields on each "chunk" and because into a universe of 65536 possible values per word there's a HIGH possibility for a clash and you get a spurious/wrongly placed NOP instruction in the middle of a data field.
I just gave up from decrypting NOPs at DATA areas. That made up for mostly perfect roms.

Also, whenever I find a glitch I investigate thoroughly.
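
An added illustration of the merge described in the post above (not code from the thread or from any poster): opcode words are taken from a decrypted image, every other word from the raw ROM, with an exception list for plain words that sit inside code areas. The range maps, the function names and the 16-byte images are constructed for the example, and `nops_in_data` reflects one reading of the "silly NOPs" remark.

```python
NOP = 0x4E71  # 68000 NOP opcode as a big-endian word


def normalise(ranges, size):
    """Validate word-aligned [start, end) byte ranges and coalesce overlaps."""
    out = []
    for start, end in sorted(ranges):
        if start % 2 or end % 2 or not 0 <= start < end <= size:
            raise ValueError(f"bad range {start:#x}-{end:#x}")
        if out and start <= out[-1][1]:
            out[-1] = (out[-1][0], max(out[-1][1], end))
        else:
            out.append((start, end))
    return out


def merge(raw, dec, code_ranges, raw_holes=()):
    """Opcode words come from dec; all other words, and raw_holes, come from raw."""
    if len(raw) != len(dec) or len(raw) % 2:
        raise ValueError("images must have the same even length")
    out = bytearray(raw)
    for start, end in normalise(code_ranges, len(raw)):
        out[start:end] = dec[start:end]
    # Holes are applied last so a plain word inside a code area stays raw.
    for start, end in normalise(raw_holes, len(raw)):
        out[start:end] = raw[start:end]
    return bytes(out)


def nops_in_data(merged, dec):
    """Offsets of words kept raw whose decrypted form would have read as a NOP."""
    hits = []
    for off in range(0, len(dec), 2):
        word = int.from_bytes(dec[off:off + 2], "big")
        if word == NOP and merged[off:off + 2] != dec[off:off + 2]:
            hits.append(off)
    return hits


# Constructed 16-byte images, not taken from any real ROM.
RAW = bytes.fromhex("a1b2 c3d4 0010 e5f6 1234 9abc 0008 5678")
DEC = bytes.fromhex("4e71 6002 7f7f 4e75 beef 4e71 dead cafe")
CODE = [(0x0, 0x8)]    # hypothetical result of manual analysis: words 0-3 are code
HOLES = [(0x4, 0x6)]   # hypothetical plain pointer word inside that code area
MERGED = merge(RAW, DEC, CODE, HOLES)

if __name__ == "__main__":
    print(MERGED.hex(" ", 2))
    print("data words that decrypt to NOP:", [hex(o) for o in nops_in_data(MERGED, DEC)])
```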
MrSandman
Posts: 347
Joined: October 9th, 2010, 9:00 pm
Location: Germany
eBay: Not yet, not trading yet
Initials: NOR

Re: CPS2 Development PCB - SFZ

Post by MrSandman »

leonardoliveira wrote: So what I do is manually analyze ALL the game code on a disassembler and determine what is code/data then manually transplant what is data from the encrypted rom into the decrypted one.
Simply ... WOW!
leonardoliveira wrote: There was a sneaky non-encrypted word (yes, two bytes) in the middle of an encrypted code area which pointed into another pointer which then finally pointed to an encrypted jumptable. Nasty stuff... ;)
Besides the "encrypted" part, is that similar to a Z80 "JP (HL)" instruction?
"Hans, I've just noticed something."
leonardoliveira
Please Continue...
Posts: 692
Joined: August 30th, 2012, 5:53 am
Location: Brazil
Initials: leo

Re: CPS2 Development PCB - SFZ

Post by leonardoliveira »

MrSandman wrote: Simply ... WOW!
Really not that big of a deal... It's just a lot of work. Tedium extreme.
MrSandman wrote: Besides the "encrypted" part, is that similar to a Z80 "JP (HL)" instruction?
Actually it's very interesting how the encryption works, as using instructions indexed by data registers result on the decryption hardware being used. Using an instruction indexed by an address register seems to fetch a plain word from the rom, without kicking the decryption hardware. Keeping that in mind and manually analyzing the dump results on a 100% perfect rom (assuming that I don't commit mistakes during the interactive disassembly) on first try. I had Choko and Puzzloop2 work perfect out of the bat. I had a few mistakes on mighty pang japan on the test menu which I solved quickly using mame's debugger. When you have a full asm listing from the game looking at you in the disassembler it's easy to find any mistakes ... ;)

trmatthe wrote:Very cool stuff guys, both in finding the hardware and also with your investigations into the 68k encrypted opcodes/plaintext data. If you want to farm out any of the work feel free to message me.
I'll keep that in mind. Mostly I would want people to test the games and find bugs.
trmatthe wrote: Would be very very keen to see how the monitor/debugger has been wedged into this - do you know if they've added address decoding for previously unused address space, added a ROM with the monitor code and then stuck a vector into an unused slot in the TRAP jump table or does the debugger equipped game just happen to be a dev release that's not been stripped and chopped yet?
I just enable CAPCOM own debugger, which all games have.
Tetsuosan
Please Continue...
Posts: 59
Joined: October 24th, 2008, 1:51 am
Location: Bridgeport, CT U.S.A

Re: CPS2 Development PCB - SFZ

Post by Tetsuosan »

How much would you charge for your services? I wish there was a way to send you the chips by mail for you to program, but I have family in Brazil, and I know as soon as I send the stuff over to you it'll get "lost" in the mail lol. My Super Street Fighter II Turbo board has a phoenix set that doesn't work too well, and I would like to not have the phoenix logo when I boot up the board.
richy13
Ming the Merciless
Posts: 792
Joined: July 25th, 2009, 12:38 am
Location: UK
eBay: ...

Re: CPS2 Development PCB - SFZ

Post by richy13 »

Razoola has uploaded pictures of the security system used to upload keys to CPS2 B boards

http://cps2shock.emu-france.info/

if you download the pictures you can see there's a different card for each game set.

richard
CPS2
Street Fighter
Posts: 1993
Joined: August 19th, 2008, 10:03 pm
Location: Leeds

Re: CPS2 Development PCB - SFZ

Post by CPS2 »

richy13 wrote:Razoola has uploaded pictures of the security system used to upload keys to CPS2 B boards

http://cps2shock.emu-france.info/

if you download the pictures you can see there's a different card for each game set.

richard
That PDA reminds me of an old scientific calculator I used to use at school. :awe:
cools
Armed Police Buttrider
Posts: 13457
Joined: August 17th, 2008, 4:49 pm
Location: Wales, United Kingdom
eBay: hordarian
Initials: CLS

Re: CPS2 Development PCB - SFZ

Post by cools »

The cards themselves require a battery? :awe:
idc
Ralf Little impersonator
Posts: 1311
Joined: October 16th, 2008, 9:17 pm
Location: Tamworth, Staffordshire
eBay: iancourt
Initials: IAN

Re: CPS2 Development PCB - SFZ

Post by idc »

The cards hold a CR2032 type battery and I believe that the software is indeed written in BASIC. Interface with the CPS2 B-board is likely SPI.

Edit: Here's the "last piece of hardware" to which Razoola refers (sorry for crappy iPad pics):
Image
Image
Image
richy13
Ming the Merciless
Posts: 792
Joined: July 25th, 2009, 12:38 am
Location: UK
eBay: ...

Re: CPS2 Development PCB - SFZ

Post by richy13 »

idc wrote:The cards hold a CR2032 type battery and I believe that the software is indeed written in BASIC. Interface with the CPS2 B-board is likely SPI.

Edit: Here's the "last piece of hardware" to which Razoola refers (sorry for crappy iPad pics):
Image
Image
Image
What's inside the metal box, Ian? Did it come with any cables for the J-tag connector or for the communication connector (for boards without the J-tag)?
idc
Ralf Little impersonator
Posts: 1311
Joined: October 16th, 2008, 9:17 pm
Location: Tamworth, Staffordshire
eBay: iancourt
Initials: IAN

Re: CPS2 Development PCB - SFZ

Post by idc »

richy13 wrote:What's inside the metal box, Ian? Did it come with any cables for the J-tag connector or for the communication connector (for boards without the J-tag)?
More pics will follow soon. Check CPS2Shock now, more of my pics have just appeared there.

Inside are a couple of TDK-branded PCBs which form a switching (~ 120/240 VAC) PSU, and a Capcom PCB which does the business. There are a bunch of switches and some wires too. The top has a segmented LED-display. It is "booby trapped", i.e. keys are erased if the case is opened, but I suspect that these are just re-written using the PDA.

Interface is suspected to be SPI, not JTAG, but it came without cables.

It does power on, displaying an error code, followed by "init" if one of the buttons is pressed, which I expect means it's waiting for data from the PDA (which I don't have).
crunchywasp
stompin' an' jumpin'
Posts: 8079
Joined: February 10th, 2012, 2:51 pm
Location: Northern Ireland
eBay: crunchywasp
Initials: MAK

Re: CPS2 Development PCB - SFZ

Post by crunchywasp »

Wow! All this hardware that's surfacing is so incredibly cool :ugeek: 8-)
leonardoliveira
Please Continue...
Posts: 692
Joined: August 30th, 2012, 5:53 am
Location: Brazil
Initials: leo

Re: CPS2 Development PCB - SFZ

Post by leonardoliveira »

One last hijack on this thread ...

This one requires no explanation:

Image
Image
Image
Last edited by leonardoliveira on August 11th, 2013, 1:53 am, edited 1 time in total.
CPS2
Street Fighter
Posts: 1993
Joined: August 19th, 2008, 10:03 pm
Location: Leeds

Re: CPS2 Development PCB - SFZ

Post by CPS2 »

leonardoliveira wrote:One last hijack on this thread ...

This one requires no explanation:

Image
Image
Image
:eh:

Please explain.
idc
Ralf Little impersonator
Posts: 1311
Joined: October 16th, 2008, 9:17 pm
Location: Tamworth, Staffordshire
eBay: iancourt
Initials: IAN

Re: CPS2 Development PCB - SFZ

Post by idc »

CPS2 wrote:Please explain.
Decrypted Rockman 1. If you look, you can see that it's running using SFA3 decrypted driver, it's what Leo uses to test his ROMs. ;)
MrSandman
Posts: 347
Joined: October 9th, 2010, 9:00 pm
Location: Germany
eBay: Not yet, not trading yet
Initials: NOR

Re: CPS2 Development PCB - SFZ

Post by MrSandman »

idc wrote:The cards hold a CR2032 type battery and I believe that the software is indeed written in BASIC. Interface with the CPS2 B-board is likely SPI.

Edit: Here's the "last piece of hardware" to which Razoola refers (sorry for crappy iPad pics):
Image
Image
Image
Wow, that is so cool. Hope with this piece of HW you will be able to figure out how to upload the security keys.
"Hans, I've just noticed something."